In 2019, a security researcher released "checkm8", an exploit that sent shockwaves through the iOS security community. It targets an unpatchable vulnerability in the bootrom of hundreds of millions of Apple devices (from the iPhone 4S up to the iPhone X).
The bootrom (SecureROM) is the very first piece of code that runs when you turn on an iPhone. It is burned directly into the processor silicon at the factory. Because it is read-only memory (ROM), it can never be updated or patched by an IPSW firmware update.
The bootrom's job is to verify the digital signature of the next stage of the bootloader (iBoot). This creates Apple's "Chain of Trust."
Checkm8 exploits a use-after-free vulnerability in the bootrom's USB code. By sending a carefully crafted USB request from a computer while the device is in DFU mode, an attacker can crash the bootrom and execute their own code before Apple's signature checks even run.
This allows jailbreak tools (like checkra1n and palera1n) to boot modified, unsigned firmware, completely bypassing Apple's security.
Apple identified the USB vulnerability during the manufacturing of the A12 Bionic chip (iPhone XS/XR) and fixed the code burned into the silicon. All devices from the A12 onward are completely immune to checkm8.
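The chain of trust described above, and why a compromise of the ROM stage cannot be repaired by any later stage, can be modelled in a few lines. This is an added illustration, not code from the original page or from Apple's actual bootrom: it stands in a hash chain for the real signature verification, and the stage names, images and the `rom_compromised` switch are constructed for the example.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

# Constructed boot order: SecureROM (implicit anchor) -> iBoot -> kernel.
BOOT_ORDER = ["iBoot", "kernel"]


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


@dataclass
class Stage:
    """One boot stage: its code image and the digest it expects of its successor."""
    name: str
    image: bytes
    expected_next: Optional[bytes]  # None for the final stage


def build_chain(images: dict) -> tuple:
    """Build the chain back to front so every stage commits to the next one.
    Returns (rom_trusted_digest, stages); the first value models the anchor
    that is burned into the ROM and can never be updated."""
    stages, next_digest = [], None
    for name in reversed(BOOT_ORDER):
        stage = Stage(name, images[name], next_digest)
        next_digest = sha256(stage.image + (stage.expected_next or b""))
        stages.insert(0, stage)
    return next_digest, stages


def simulate_boot(rom_trusted: bytes, stages: list, rom_compromised: bool = False) -> list:
    """Walk the chain as the ROM would. Returns [(stage, status)] where status is
    'verified', 'halted' or 'unverified'. rom_compromised models checkm8: attacker
    code already runs inside the ROM before its check, so a mismatch is waved
    through and nothing downstream can regain trust, even stages that match."""
    anchor_trusted = not rom_compromised
    executed, expected = [], rom_trusted
    for stage in stages:
        actual = sha256(stage.image + (stage.expected_next or b""))
        if actual != expected and anchor_trusted:
            executed.append((stage.name, "halted"))  # intact ROM refuses to continue
            return executed
        anchor_trusted = anchor_trusted and actual == expected
        executed.append((stage.name, "verified" if anchor_trusted else "unverified"))
        expected = stage.expected_next
    return executed
```

Running the same modified iBoot image through an intact ROM halts at the first stage, while the compromised-ROM case boots every stage with none of them genuinely verified, which is exactly why an IPSW update of iBoot or the kernel cannot close the hole.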